Installing a secure instant messaging server on Linux

Did your company ban instant messaging for security reasons? Free up email resources and bring back real-time communication with this secure IM server.

The popularity of Microsoft's Live Communication Server and the many XMPP/Jabber server implementations has tech analysts like the ones over at Slashdot asking the question "Is XMPP the 'Next Big Thing'?" The advent of instant message (IM) servers has heralded the age of live communication in the enterprise.

Now that IM servers are ready for the enterprise data center, isn't it time to learn how to install, configure and manage one? This walkthrough shows how to install the Open Source version of Openfire Chat Server 3.4.4 on Ubuntu Linux 7.10 Gutsy Gibbon amd64 and guides readers through the steps necessary to initially configure Openfire. The article also shows IT administrators how to successfully connect a chat client to their new enterprise Openfire chat server.

IM in the enterprise
Instant messaging (IMing) first appeared in the late 1990s and was immediately embraced by teenagers. Today, those teens are young professionals entering a business world that has not made up its mind about IMing. For these new professionals, email or telephones are outmoded or too bulky compared with a short-burst communication style like IM.

So what should businesses do with IM? What implications might IMing have on their business or intellectual property (IP)? Should a business ban IM, it risks stifling the creativity of the younger workforce.

Five years ago, the answer would have been to err on the side of caution. IP is too important to trust communication about it over unknown media such as IM. But today, secure implementations of IM are available that are well-suited for enterprise businesses with even the strictest security policies, allowing businesses to take full advantage of IM communication.

One such implementation is Openfire Chat Server on Linux from Jive Software. Openfire IM server is enterprise-class software with all the features necessary for businesses to feel confident about deploying it. Jive Software offers two versions of Openfire Chat Server: Enterprise and Open Source. The Enterprise version includes support from Jive Software. Other features limited to the Enterprise version are:

  • Clustering - Cluster chat servers
  • Fastpath - Connect incoming questions to the right people
  • Archiving - Archive chat transcripts on the server
  • Reporting - Verbose activity reporting
  • Sparkweb Client - Browser-based IM client
  • Client Control - Control users' IM clients

Both versions of Openfire Chat Server are based on the open standard Extensible Messaging and Presence Protocol (XMPP/Jabber). All chats can be encrypted with Transport Layer Security (TLS) and users can be authenticated with the Lightweight Directory Access Protocol (LDAP). A full list of features for both the Enterprise and Open Source versions is available at the Jive Software website.

Notes on Openfire
Openfire Chat Server should be installed in a secure network environment because, once installed, its administration website is initially open to anyone who can access the server on port 9090. Administrators are cautioned to take steps to prevent this in advance via iptables or host access files.
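
One way to do this with iptables before installing the package, as an added example that is not part of the original article: the script below builds a rule set that limits TCP port 9090 to a single management network and to loopback. The network 192.0.2.0/24, the ADMIN_NET and APPLY variables and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): limit the Openfire admin
# console on TCP 9090 to one management network.
# 192.0.2.0/24 is a constructed placeholder; set ADMIN_NET to your own range.

ADMIN_PORT=9090   # admin console port named in the article

# Accept only a dotted-quad IPv4 address with an optional /prefix, so the
# value is safe to place on an iptables command line.
valid_cidr() {
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(printf '%s' "${1%%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1   # reject octets above 255
    done
}

# Print the rule set, one iptables command per line.
# Order matters: both ACCEPT rules must come before the final DROP.
# -A appends, so an earlier accept-all rule in INPUT would still win.
admin_console_rules() {
    net=$1
    valid_cidr "$net" || { echo "invalid network: $net" >&2; return 1; }
    echo "iptables -A INPUT -i lo -p tcp --dport $ADMIN_PORT -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s $net --dport $ADMIN_PORT -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $ADMIN_PORT -j DROP"
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to run them.
apply_admin_console_rules() {
    rules=$(admin_console_rules "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | while read -r rule; do $rule || exit 1; done
    else
        printf '%s\n' "$rules"
    fi
}

apply_admin_console_rules "${ADMIN_NET:-192.0.2.0/24}"
```

Rules added this way do not survive a reboot unless they are saved and restored by the system's startup configuration.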

Openfire installation

  1. Download the latest version of Openfire Chat Server for Linux directly to the intended server using 'wget'. Rename the Debian package to 'openfire_3.4.4.deb'.
  2. Install the software by typing:
    sudo dpkg -i openfire_3.4.4.deb

    Some errors may be generated informing the user that this server does not have a Java Runtime Environment (JRE). To fix this, type:
    sudo apt-get install sun-java6-jre

    This will install the latest version of the Sun JRE. Go ahead and reinstall Openfire:
    sudo dpkg -i openfire_3.4.4.deb

Congratulations! Openfire Chat Server is installed. Now it is time to configure it.

Openfire configuration

    1. Visit the new Openfire Chat Server's administration site at http://FQDN_OF_CHAT_SERVER:9090
    2. Choose a language and click 'Continue'
    3. Choose the server settings. The defaults are fine unless you implement a local server name and an external service name. Click 'Continue'
    4. Openfire Chat Server relies upon either an external or embedded database. For enterprise deployments, choose 'Standard Database Connection' and click 'Continue'
    5. Enter your database settings. Use Openfire's database documentation for assistance. Click 'Continue'.
    6. Select whether to store users inside the server database or on an existing LDAP server. The latter option is preferable for enterprise deployments that already have an LDAP infrastructure in place. Select 'Directory Server (LDAP)' and click 'Continue'
    7. Setting up an LDAP connection begins with defining the connection to the LDAP server. First select the server type (e.g., Active Directory). Then enter the name of the server (Host) and the port to which connections will be made. Enter port 636 (for encrypted connections). Next, enter the Base DN (distinguished name) of the root container on the LDAP server under which all Openfire users will live. Enter the full DN of the user that will be the reader account for this Openfire server. This account will be responsible for looking up users on the LDAP server in order to test their credentials. This account needs only read access to the Openfire users on the LDAP server.

      Before moving on, click on the Advanced Settings link. Clicking on this link will expand an extra array of settings at the bottom of the screen. Go ahead and click yes (next to 'Use SSL'). The LDAP server in question must support SSL for this option to work; however, the alternative is having all queries and results sent in the clear, which is unacceptable. Click 'Save & Continue'

    8. The next screen allows the full customization of which user attributes from the LDAP server will be mapped to similar user attributes for Openfire users. The default options should be fine here. Click 'Save & Continue'
    9. The following screen configures LDAP group settings. The default options should also be fine here. Click 'Save & Continue'
    10. The final part of LDAP configuration is choosing a user (or users) from the LDAP server to be an Openfire administrator. Type the given username here, click 'Add', and then click 'Continue' once all the appropriate users have been added.

Congratulations! You have successfully installed and configured Openfire Chat Server. Log in to the management console to further configure Openfire, or let your users start connecting today!

About the author: Andrew Kutz is a Microsoft Certified Solutions Developer (MCSD) and a SANS/GIAC Certified Windows Security Administrator (GCWN). An avid fan of .NET, open source, Terminal Services and coding, Andrew's current focus is on virtualization. He recently wrote about managing hardware RAIDs with Adaptec and Ubuntu.
